Complex passwords

Further, complex passwords and other strong password practices are not always used to prevent unauthorized access to control systems, in part because this could hinder a rapid response to safety procedures during an emergency. As a result, according to experts, weak passwords that are easy to guess, shared, and infrequently changed are reportedly common in control systems, including the use of default passwords or even no password at all. 

A simple example of the first method is to screen requests to ensure that they come from an acceptable (i.e., previously identified) domain name and Internet protocol address. Firewalls may also use more complex rules that analyze the application data to determine if the traffic should be allowed through. For example, the firewall may require user authentication (i.e., use of a password) to access the system. How a firewall determines what traffic to let through depends on which network layer it operates at and how it is configured. Some of the pros and cons of various methods to control traffic flowing in and out of the network are provided in table 9.12. 

Interestingly, too much security can have the undesired effect of reducing protection. If controls are too rigid, making normal productivity difficult, workers have a tendency to develop techniques for circumventing security measures. Complex electronic key doors are wedged open. Passwords are recorded on desk calendars. Systems are not turned off when unattended to avoid complex log-in procedures. In developing security controls a balance with appropriate access must be considered. 

Password complexity verification—this performs a complexity check on the password to ensure that it is complex enough to provide reasonable protection against intruders who might want to break into the system by guessing the password... 

A "front end" is a computer software package, normally resident in a microcomputer, which isolates the user of a public on-line service from some of the complexities of the retrieval mechanism. At the simplest level, it automates the process of accessing the host computer from which the service is given. Steps in this process may include dialing the computer either directly or through a telecommunications network, supplying the user s identifier and password when prompted by the host computer and possibly selecting the desired file or service for the user. 

Common protocol attacks Although a wide variety of security implications and vulnerahilities have been identified with OPC services and standards, OPC standards and application programming interfaces are common in control system environments. OPC vulnerabilities could be simple system enumeration and password vulnerability or they could be more complex like remote registry tampering and buffer overflow flaws, etc. These could result in threats to lACS. The installation of undetected malware, DoS attacks, escalated privileges on a host, and/or even the accidental shutdown of LACS are vulnerabilities for which solutions are available but these are not always very successful. 

---